GNU bug report logs -
#78302
[PATCH v2] Update nginx to 1.27.5, and add QUIC support
Previous Next
To reply to this bug, email your comments to 78302 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 07 May 2025 19:36:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ashish SHUKLA <ashish.is <at> lostca.se>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 07 May 2025 19:36:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This patch updates nginx to 1.27.5, and adds another package
"nginx-http3" for HTTP3/QUIC support[0].
References:
[0] https://issues.guix.gnu.org/77536
Ashish SHUKLA (3):
gnu: nginx: Update to 1.27.5. [security fixes]
gnu: nginx-documentation: Update to 1.27.5.
gnu: Add nginx-http3.
gnu/packages/web.scm | 56 +++++++++++++++++++++++++++++++++++++++-----
1 file changed, 50 insertions(+), 6 deletions(-)
base-commit: 295a35ba20257e965c4eba8488de99fce7bf027f
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 07 May 2025 19:38:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 78302 <at> debbugs.gnu.org (full text, mbox):
This release includes fix for (CVE-2025-23419).
* gnu/packages/web.scm (nginx): Update to 1.27.5.
Change-Id: I45e89fc97a3536843e5af80ffb072db705fb3f84
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b3f998aca9..df7d376d9a 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -565,14 +565,14 @@ (define-public nginx
;; Track the ‘mainline’ branch. Upstream considers it more reliable than
;; ’stable’ and recommends that “in general you deploy the NGINX mainline
;; branch at all times” (https://www.nginx.com/blog/nginx-1-6-1-7-released/)
- (version "1.27.3")
+ (version "1.27.5")
(source (origin
(method url-fetch)
(uri (string-append "https://nginx.org/download/nginx-"
version ".tar.gz"))
(sha256
(base32
- "00vrkdx0a6fpy8n0n7m9xws0dfa7dbb9pqnh3jv3c824ixbaj8xs"))))
+ "03nxfik3f7lj9lnj71nm1h7q26xsxhr1ppf302hbhv9akjxwwsp9"))))
(build-system gnu-build-system)
(inputs (list libxcrypt libxml2 libxslt openssl pcre zlib))
(arguments
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 07 May 2025 19:38:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 78302 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/web.scm (nginx-documentation): Update to 1.27.5.
Change-Id: I2cb7f9c67284e509cc7b21653882593ad2321324
---
gnu/packages/web.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index df7d376d9a..cab378e582 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -663,9 +663,9 @@ (define-public nginx
(define-public nginx-documentation
;; This documentation should be relevant for the current nginx package.
- (let ((version "1.27.3")
- (revision 3156)
- (changeset "5c6ef6def8bc"))
+ (let ((version "1.27.5")
+ (revision 3198)
+ (changeset "5b736526489f"))
(package
(name "nginx-documentation")
(version (simple-format #f "~A-~A-~A" version revision changeset))
@@ -677,7 +677,7 @@ (define-public nginx-documentation
(file-name (string-append name "-" version))
(sha256
(base32
- "09wdvgvsr7ayjz3ypq8qsm12idb9z626j5ibmknc8phm10gh8cgk"))))
+ "04qbi7rczv28k4ainnvnv7xxf48jmh5ydxpnlzr4zdpkl7fjz0j3"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no test suite
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 07 May 2025 19:38:03 GMT)
Full text and
rfc822 format available.
Message #14 received at 78302 <at> debbugs.gnu.org (full text, mbox):
This package uses boringssl for QUIC support in nginx.
* gnu/packages/web.scm: Add nginx-http3.
Change-Id: I05348d57d5fcd4be661c3500b186df5e05f24160
---
gnu/packages/web.scm | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index cab378e582..b4b33fa2f4 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -123,6 +123,7 @@ (define-module (gnu packages web)
#:use-module (gnu packages build-tools)
#:use-module (gnu packages certs)
#:use-module (gnu packages check)
+ #:use-module (gnu packages cmake)
#:use-module (gnu packages compression)
#:use-module (gnu packages cpp)
#:use-module (gnu packages crates-crypto)
@@ -712,6 +713,49 @@ (define-public nginx-documentation
"This package provides HTML documentation for the nginx web server.")
(license license:bsd-2))))
+(define-public nginx-http3
+ (let* ((boringssl-commit "864a235afcf4d2575b1eab8de96fbf0d84f6cda9")
+ (boringssl (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://boringssl.googlesource.com/boringssl")
+ (commit boringssl-commit)))
+ (file-name (git-file-name "boringssl" boringssl-commit))
+ (sha256 (base32 "0ayd3519zyrwn9ccmlch3j7qvkg80az7z278n2vhrrl977dakyny")))))
+ (package
+ (inherit nginx)
+ (name "nginx-http3")
+ (inputs
+ (modify-inputs (package-inputs nginx)
+ (replace "openssl" boringssl)))
+ (native-inputs
+ (modify-inputs (package-native-inputs nginx)
+ (append cmake-minimal)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments nginx)
+ ((#:phases phases #~(list))
+ #~(modify-phases #$phases
+ (add-before 'configure 'build-boringssl
+ (lambda* (#:key inputs parallel-build? #:allow-other-keys)
+ (mkdir-p "boringssl-build")
+ (let ((boringssl-build-dir (string-append (getcwd) "/boringssl-build")))
+ (with-directory-excursion (assoc-ref inputs "openssl")
+ (invoke "cmake" (string-append "-B" boringssl-build-dir)
+ "-DCMAKE_BUILD_TYPE=RelWithDebInfo")
+ (invoke "make" "-C" boringssl-build-dir
+ (string-append "-j"
+ (if parallel-build?
+ (number->string (parallel-job-count))
+ "1")))))))))
+
+ ((#:configure-flags flags #~(list))
+ #~(cons* "--with-http_v3_module"
+ (string-append "--with-cc-opt=-I"
+ (assoc-ref %build-inputs "openssl") "/include")
+ (string-append "--with-ld-opt=-Lboringssl-build -lstdc++")
+ #$flags)))))))
+
(define-public nginx-accept-language-module
;; Upstream has never made a release; use current commit instead.
(let ((commit "2f69842f83dac77f7d98b41a2b31b13b87aeaba7")
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 11 Jun 2025 22:18:04 GMT)
Full text and
rfc822 format available.
Message #17 received at 78302 <at> debbugs.gnu.org (full text, mbox):
This release includes fix for (CVE-2025-23419).
* gnu/packages/web.scm (nginx): Update to 1.27.5.
Change-Id: I45e89fc97a3536843e5af80ffb072db705fb3f84
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 22369cd3f5..94a29e2a86 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -567,14 +567,14 @@ (define-public nginx
;; Track the ‘mainline’ branch. Upstream considers it more reliable than
;; ’stable’ and recommends that “in general you deploy the NGINX mainline
;; branch at all times” (https://www.nginx.com/blog/nginx-1-6-1-7-released/)
- (version "1.27.3")
+ (version "1.27.5")
(source (origin
(method url-fetch)
(uri (string-append "https://nginx.org/download/nginx-"
version ".tar.gz"))
(sha256
(base32
- "00vrkdx0a6fpy8n0n7m9xws0dfa7dbb9pqnh3jv3c824ixbaj8xs"))))
+ "03nxfik3f7lj9lnj71nm1h7q26xsxhr1ppf302hbhv9akjxwwsp9"))))
(build-system gnu-build-system)
(inputs (list libxcrypt libxml2 libxslt openssl pcre zlib))
(arguments
base-commit: 60828ad981b9d0673704f7a57e01fb6269852007
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 11 Jun 2025 22:19:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 78302 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/web.scm (nginx-documentation): Update to 1.27.5.
Change-Id: I2cb7f9c67284e509cc7b21653882593ad2321324
---
gnu/packages/web.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 94a29e2a86..cc1b8b5724 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -665,9 +665,9 @@ (define-public nginx
(define-public nginx-documentation
;; This documentation should be relevant for the current nginx package.
- (let ((version "1.27.3")
- (revision 3156)
- (changeset "5c6ef6def8bc"))
+ (let ((version "1.27.5")
+ (revision 3198)
+ (changeset "5b736526489f"))
(package
(name "nginx-documentation")
(version (simple-format #f "~A-~A-~A" version revision changeset))
@@ -679,7 +679,7 @@ (define-public nginx-documentation
(file-name (string-append name "-" version))
(sha256
(base32
- "09wdvgvsr7ayjz3ypq8qsm12idb9z626j5ibmknc8phm10gh8cgk"))))
+ "04qbi7rczv28k4ainnvnv7xxf48jmh5ydxpnlzr4zdpkl7fjz0j3"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no test suite
--
2.49.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#78302; Package
guix-patches.
(Wed, 11 Jun 2025 22:19:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 78302 <at> debbugs.gnu.org (full text, mbox):
This package uses boringssl for QUIC support in nginx.
* gnu/packages/web.scm: Add nginx-http3.
Change-Id: I05348d57d5fcd4be661c3500b186df5e05f24160
---
This revision addresses the lint warnings.
gnu/packages/web.scm | 48 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index cc1b8b5724..5725ba2b45 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -125,6 +125,7 @@ (define-module (gnu packages web)
#:use-module (gnu packages build-tools)
#:use-module (gnu packages certs)
#:use-module (gnu packages check)
+ #:use-module (gnu packages cmake)
#:use-module (gnu packages compression)
#:use-module (gnu packages cpp)
#:use-module (gnu packages crates-crypto)
@@ -714,6 +715,53 @@ (define-public nginx-documentation
"This package provides HTML documentation for the nginx web server.")
(license license:bsd-2))))
+(define-public nginx-http3
+ (let*
+ ((boringssl-commit "864a235afcf4d2575b1eab8de96fbf0d84f6cda9")
+ (boringssl
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://boringssl.googlesource.com/boringssl")
+ (commit boringssl-commit)))
+ (file-name (git-file-name "boringssl" boringssl-commit))
+ (sha256
+ (base32 "0ayd3519zyrwn9ccmlch3j7qvkg80az7z278n2vhrrl977dakyny")))))
+ (package
+ (inherit nginx)
+ (name "nginx-http3")
+ (inputs
+ (modify-inputs (package-inputs nginx)
+ (replace "openssl" boringssl)))
+ (native-inputs
+ (modify-inputs (package-native-inputs nginx)
+ (append cmake-minimal)))
+ (arguments
+ (substitute-keyword-arguments (package-arguments nginx)
+ ((#:phases phases #~(list))
+ #~(modify-phases #$phases
+ (add-before 'configure 'build-boringssl
+ (lambda* (#:key inputs parallel-build? #:allow-other-keys)
+ (mkdir-p "boringssl-build")
+ (let ((boringssl-build-dir (string-append (getcwd)
+ "/boringssl-build")))
+ (with-directory-excursion (assoc-ref inputs "openssl")
+ (invoke "cmake" (string-append "-B" boringssl-build-dir)
+ "-DCMAKE_BUILD_TYPE=RelWithDebInfo")
+ (invoke "make" "-C" boringssl-build-dir
+ (string-append "-j"
+ (if parallel-build?
+ (number->string (parallel-job-count))
+ "1")))))))))
+
+ ((#:configure-flags flags #~(list))
+ #~(cons* "--with-http_v3_module"
+ (string-append "--with-cc-opt=-I"
+ (assoc-ref %build-inputs "openssl") "/include")
+ (string-append "--with-ld-opt=-Lboringssl-build -lstdc++")
+ #$flags)))))))
+
(define-public nginx-accept-language-module
;; Upstream has never made a release; use current commit instead.
(let ((commit "2f69842f83dac77f7d98b41a2b31b13b87aeaba7")
--
2.49.0
Changed bug title to '[PATCH v2] Update nginx to 1.27.5, and add QUIC support' from '[PATCH] Update nginx to 1.27.5, and add QUIC support [security-fixes]'
Request was from
"Ashish SHUKLA" <ashish.is <at> lostca.se>
to
control <at> debbugs.gnu.org.
(Wed, 11 Jun 2025 22:22:03 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.